Security Woes at PA Nuke

Thursday, October 24, 2013 @ 07:10 PM gHale

The Beaver Valley nuclear power plant received two violations for shortcomings federal inspectors found in the plant’s cyber security program on Sept. 13.

The Nuclear Regulatory Commission (NRC) reported the problems in a letter sent to the Shippingport, PA, plant officials Monday, but it did not elaborate in public documents or interviews, which is standard protocol to keep security information from would-be attackers.

Contaminated Water Leaks at SC Nuke
Separate Reactors Shut Down
Nuke Worker Guilty of Falsifying Data
UK Approves New Nuke Plant

Akron, OH-based FirstEnergy Corp., the plant’s owner, has fixed the problems, said spokeswoman Jennifer Young. Young played down the plant’s exposure to cyber threats, noting many of its controls remain analog and have not gone to digital technology, which is more susceptible to hacking.

“The nuclear plants by design are pretty isolated from what we normally think of as cyber security issues,” Young said. “When it comes to control of the plant, we’re in very robust shape. That doesn’t mean that we rest on that.”

The NRC ordered plants to bolster security against hacking and other threats after 9/11. But it took eight years to issue cyber security rules and four more years to start inspections.

The commission found the problems during a wave of inspections it is doing around the country, part of its first attempt to ensure last generation’s plants are ready to handle today’s problems of hackers, nation state attacks and hacktivists, not to mention equipment failures.

The rules are still so new the commission isn’t taking enforcement action against Beaver Valley for its problems, Young said. That is a common practice the commission uses, pushing power plants to make improvements but forgoing sanctions as companies adjust to the first-time application of new rules, said Dave Lochbaum, director of the Nuclear Safety Project at the Union of Concerned Scientists.

FirstEnergy officials believe Beaver Valley did well compared to other plants, Young said. Of about 10 that faced similar audits, some had no problems at all, said Lochbaum, who reviewed some of the reports made public in the commission’s database. Others had violations similar to Beaver Valley’s.

Three Mile Island near Harrisburg had two violations in its June inspection, the commission said in its letter to that plant’s owner, Exelon Corp. That plant is famous for the worst nuclear disaster in U.S. history, a partial meltdown and radiation leak in 1979.

Beaver Valley had several issues in the past 18 months. Last year the commission cited it for problems likely related to plant access, Lochbaum said, and in April it may have failed part of a drill that included a mock physical attack. The commission also audited the plant for earthquake risks in July because plant officials last year found dozens of minor problems officially called “potentially adverse seismic conditions.”

Leave a Reply

You must be logged in to post a comment.